security(platform): Add sealed secrets #8342
Add docs on how someone can generate new ones of these so you aren’t the only one
* feat(platform): List and revoke credentials in user profile (#8207)

  Display existing credentials (OAuth and API keys) for all current providers: Google, GitHub, Notion and allow user to remove them. For providers that support it, we also revoke the tokens through the API: of the providers we currently have, Google and GitHub support it; Notion doesn't.

  - Add credentials list and `Delete` button in `/profile`
  - Add `revoke_tokens` abstract method to `BaseOAuthHandler` and implement it in each provider
  - Revoke OAuth tokens for providers on `DELETE` `/{provider}/credentials/{cred_id}`, and return whether tokens could be revoked
  - Update `autogpt-server-api/baseClient.ts:deleteCredentials` with `CredentialsDeleteResponse` return type

  Bonus:
  - Update `autogpt-server-api/baseClient.ts:_request` to properly handle empty server responses

* fix(backend): Lower the number of node workers to save DB connections (#8331)

  Change [graph]×[node] worker limit from 10×5 to 10×3

  ---------

  Co-authored-by: Reinier van der Leer <[email protected]>

* fix(ci,platform): Add dev branch trigger to all ci (#8339)
* update ci for dev
* update classic
* remove duplicate dev
* fix(frontend): Fix styling inconsistencies in input elements (#8337)

  - Apply consistent border styling to `Input`, `Select`, and `Textarea`
  - Remove `rounded-xl` from node input elements
  - Add `whitespace-nowrap` to `CustomNode` header category tags

  ---------

  Co-authored-by: Zamil Majdy <[email protected]>

* feat(builder): Use configmap for builder (#8343)

  use configmap in builder

* fix(platform,infra): Checkin non secret values (#8344)

  checkin non secrets

* security(platform): Add sealed secrets (#8342)
* add sealed secrets
* add encrypted secrets
* remove extra space
* Tf public media buckets (#8324)
* fix(infra): Fix sealed secret names (#8350)
* fix sealed secret names
* fix names and add annotation
* feat(backend): Introduce executors shared DB connection (#8340)
* update health check endpoint

---------

Co-authored-by: Krzysztof Czerwinski <[email protected]>
Co-authored-by: Reinier van der Leer <[email protected]>
Co-authored-by: Zamil Majdy <[email protected]>
Co-authored-by: Swifty <[email protected]>
Background
Adding sealed secrets for all of our secrets. This encrypts the secrets and ensures only the cluster can decrypt internally. This way we aren't locked into any vendor with a vault or secret manager. We can also store all our secrets publicly since no one can decrypt them.
Changes 🏗️
Encrypted all secrets and added to appropriate values
Testing 🔍
Note
Only for the new autogpt platform, currently in autogpt_platform/
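
One way to generate a new sealed value, as the review comment above asks for. This is an added example, not code from this PR or the AutoGPT repository; it uses the `kubectl` and `kubeseal` CLIs, and the secret name, namespace, key and file paths are caller-supplied assumptions.

```shell
#!/bin/sh
# Added example: seal one secret value so that only the encrypted form is
# ever written to disk. All arguments are supplied by the caller; none of
# them are values taken from the AutoGPT repository.

# fetch_seal_cert OUT_FILE
# Saves the controller's public certificate so sealing can later be done
# without cluster access. The certificate is public and safe to commit.
fetch_seal_cert() {
  kubeseal --fetch-cert > "$1"
}

# seal_secret NAME NAMESPACE KEY VALUE_FILE CERT OUT_FILE
# The value is read from a file rather than passed as --from-literal, so it
# does not appear in shell history or the process list.
# With kubeseal's default (strict) scope, NAME and NAMESPACE are bound into
# the ciphertext: renaming or moving the secret means sealing it again.
seal_secret() (
  [ "$#" -eq 6 ] || {
    echo "usage: seal_secret NAME NAMESPACE KEY VALUE_FILE CERT OUT_FILE" >&2
    exit 2
  }
  name=$1 ns=$2 key=$3 value_file=$4 cert=$5 out=$6
  [ -r "$value_file" ] || { echo "cannot read $value_file" >&2; exit 1; }
  [ -r "$cert" ] || { echo "cannot read certificate $cert" >&2; exit 1; }
  tmp=$(mktemp) || exit 1

  # --dry-run=client renders the plaintext Secret locally and pipes it
  # straight into kubeseal; the plaintext manifest never touches disk.
  if ! kubectl create secret generic "$name" --namespace "$ns" \
         --from-file="$key=$value_file" --dry-run=client -o yaml \
       | kubeseal --format yaml --cert "$cert" > "$tmp"; then
    rm -f "$tmp"
    exit 1
  fi

  # Guard before the file lands in the working tree: it must be a
  # SealedSecret and must not contain a plaintext Secret document.
  if ! grep -q '^kind: SealedSecret$' "$tmp" || grep -q '^kind: Secret$' "$tmp"; then
    rm -f "$tmp"
    echo "refusing to write $out: output is not a SealedSecret" >&2
    exit 1
  fi
  mv "$tmp" "$out"
)
```

Delete the plaintext value file once the sealed output has been written; only the sealed file belongs in the repository.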